API secrets are like PII, can't live with them, can't live without them. Have you . .

Have you found any on-ramp providers not requiring API secrets? (Especially for Bitcoin on-ramps where MetaMask snaps aren’t a good fit I guess?)

Or alternatively, have you hacked a workaround for your canisters to utilize API secrets stored elsewhere, not accessbile by node operators?